System managers or administrators have at their disposal access to the hardware or access rights to the software of a computer system in order to maintain and manage it and to ensure error-free operation of the computer system and error-free usage by end users. It is problematic that the extended access rights of system managers or administrators generally also permit access to personal or confidential data stored on the computer system being operated. For instance, administrators are able to read confidential data of end users.
Typical approaches to ensuring confidentiality of information, or data protection in general, rely on establishing specific directives (processes to be observed) and rules (commands and prohibitions), e.g., contractually between the individual user groups of a computer system. A problem with these approaches, however, is that members of user groups having extended access rights, e.g., employees of a software service provider, may be criminals or may be blackmailed or bribed. Therefore, technical measures are required which prevent access to confidential data within a computer system.
In particular, so-called “event protocol” data, i.e., log data, can be the subject of unauthorized access by system managers or administrators. Event protocol data are generated continuously or at predetermined time intervals by specific entities (applications, system programs, system hardware, etc.) in a computer system and are stored in a memory of the computer system.
The event protocol data can contain, e.g., information relating to specific system statuses of the computer system, optionally including predetermined error protocols intended for a system manager or administrator. On the other hand, the event protocol data can also contain information to be assigned to a specific end user, e.g., specific business transactions, personal customer data, credit card numbers, etc. In general, the latter information is confidential and intended only for the respective end user or, for reasons of possible traceability, for restricted groups of persons, e.g., account managers. For legal reasons, e.g., investigations conducted by the police or the public prosecutor's office, it is often necessary to be able to trace specific transactions in the computer system. In general, however, access by a system manager or administrator to the confidential customer information is to be prohibited.
Encryption of event protocol data by itself permits only limited access protection, which can be bypassed, because the data can be decrypted or reconstructed by expert users, or can be present in unencrypted form during processing in the computer system (e.g., in the processor core of the computer system) as a result of suitable measures. Consequently, measures for encryption of the event protocol data are not adequate on their own to ensure increased data protection.
Therefore, it could be helpful to provide a method, a computer program product and a computer system which, by technical measures, permit protected storage of event protocol data of a computer system and prevent unauthorized access to confidential information.